Sebkinne Posted January 31, 2013 Share Posted January 31, 2013 Hey everyone, As you all know, Digininja and WhistleMaster have been working hard to bring you their Keylogger infusion. This infusion is now ready and you will find it in your local Pineapple bar. Seeing as this is a rather complex module, there are bound to be issues with it. Some of the issues we know about, some we don't. We ask you to report any issues you are having / any bugs you are experiencing. Please do this in an ordered fashion. Read through the entire thread and see if your issue has already been reported. If so and you have more to add, please quote the issue and add your findings to it. Please do not complain that something doesn't work. We are all working together to make this a great module, but please don't ask for ETAs. Note that for the module to work you may need to run the 2.7.5 firmware. This is due to kernel dependencies of ebtables. List of known issues upon release: If the browser sends a GET request that has the full url ie "GET http://blah.com/file HTTP/1.1" instead of "GET http://blah.com/file HTTP/1.1", some pages will fail to load (wikimedia for example - means no CSS for wikipedia). If an input field already has an onkeypress method attached to it, it will get overwritten - this will probably break the site's functionality. Can be fixed quite quickly but more on that later. The install_keylogger() javascript function doesn't always fire if the page takes too long to load. Typing in input forms has a bit of a lag about it. Not much we can do about that. We are looking forward to your feedback and hope you enjoy this module! We will keep enhancing it's performance and reliability and try to iron out any issues found. Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted January 31, 2013 Share Posted January 31, 2013 (edited) Great collaboration on this module :) ! Thanks to Digininja for the hard work on the proxy and to Seb for his help to fix the issues ! Edited February 1, 2013 by Whistle Master Quote Link to comment Share on other sites More sharing options...
digininja Posted January 31, 2013 Share Posted January 31, 2013 Thanks to Seb and WM for their help with this. As Seb says, we know there are a few bugs, I know how to fix some of them and just need to find time to do it, but now this is fairly stable we wanted to get it out there and into peoples hands so it can be tested and bugs found. If you want to know how the proxy works then I've put quite a few commends in proxy.rb, k.php and k.js but I'm also planning to do a write up on it. Enjoy Quote Link to comment Share on other sites More sharing options...
Shark3y Posted January 31, 2013 Share Posted January 31, 2013 Well it works. What do you attribute the slow entry to? When I rolled my own solution, I didn't run into this issue.. however it didn't inject into the page nearly as well as this one. Great work guys! -Shark3y Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted January 31, 2013 Author Share Posted January 31, 2013 Well it works. What do you attribute the slow entry to? When I rolled my own solution, I didn't run into this issue.. however it didn't inject into the page nearly as well as this one. Great work guys! -Shark3y The reason for the input lag is because every key pressed is transmitted via a post request. It is being run synchronously. Otherwise the key order could get messed up. The issue with doing it asynchronously is that we would need to also transmit a time-stamp. This is something that could be incorporated into a future version. Quote Link to comment Share on other sites More sharing options...
gantarone Posted February 1, 2013 Share Posted February 1, 2013 Thanksssssss :D :D :D Quote Link to comment Share on other sites More sharing options...
digininja Posted February 1, 2013 Share Posted February 1, 2013 I've a bit of a plan to leave it as it is for now and collect bug reports then do upgrades and bug fixes in a single release. That is unless a module-stopping bug comes in, then I'll fix it early. Quote Link to comment Share on other sites More sharing options...
deviney Posted February 5, 2013 Share Posted February 5, 2013 i think i may be doing something wrong because i am not getting any data when i login to sites. My setup is below: i have updated the firmware to 2.7.5 and installed the keylogger to my usb. I have then connected the pineapple to a AP with internet access. I then turned the keylogger on. I then went to a few sites to login (firefox loads some sites ok but internet explorer is terrible it will not even load sites such as facebook) No data was returned. If my setup is wrong please tell me because iv been waiting for this to come out since i heard it was in development Quote Link to comment Share on other sites More sharing options...
digininja Posted February 5, 2013 Share Posted February 5, 2013 Is your pineapple acting as a bridge or a router? If you don't know then it will be bridge. Try to see if you can get the keylogger javascript through the browser, visit http://172.16.42.1/k.js and see if it gives you a file. We are only keylogging on HTTP sites as you can't inject into HTTPS, didn't Facebook go HTTPS only recently? Quote Link to comment Share on other sites More sharing options...
Boba Fett Posted February 16, 2013 Share Posted February 16, 2013 How works? I installed it but doesnt capture nothing. I triying the link above and give me the file, but I doesnt know how works. Quote Link to comment Share on other sites More sharing options...
digininja Posted February 17, 2013 Share Posted February 17, 2013 What link above? This is a module that you install on the Pineapple Quote Link to comment Share on other sites More sharing options...
Boba Fett Posted February 18, 2013 Share Posted February 18, 2013 Is your pineapple acting as a bridge or a router? If you don't know then it will be bridge. Try to see if you can get the keylogger javascript through the browser, visit http://172.16.42.1/k.js and see if it gives you a file. We are only keylogging on HTTP sites as you can't inject into HTTPS, didn't Facebook go HTTPS only recently? This Link for test it, Quote Link to comment Share on other sites More sharing options...
digininja Posted February 18, 2013 Share Posted February 18, 2013 So if you can see the javascript file then things are probably installed. You just need to visit a HTTP site (not HTTPS) and then watch the log while typing into an input field or text area. Quote Link to comment Share on other sites More sharing options...
Boba Fett Posted February 18, 2013 Share Posted February 18, 2013 Ok, let me try. Thanks. Quote Link to comment Share on other sites More sharing options...
comatose603 Posted February 21, 2013 Share Posted February 21, 2013 I seem to be having issue as well. And I'm probably doing something stupid. Is there a site, say doing a search on Slashdot, that we can use as a testing reference so that we're all on the same page (no pun intended)? Quote Link to comment Share on other sites More sharing options...
digininja Posted February 21, 2013 Share Posted February 21, 2013 Me and Seb both tested it against http://cloud.wifipineapple.com/index.php?portal Quote Link to comment Share on other sites More sharing options...
comatose603 Posted February 23, 2013 Share Posted February 23, 2013 Me and Seb both tested it against http://cloud.wifipineapple.com/index.php?portal Ok, well, I've associated my client with the Pineapple, opened that URL and the keylogger module is reporting "no data captured." Any ideas what is going wrong? Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted February 23, 2013 Share Posted February 23, 2013 What is your network setup ? From which interface are you sharing the internet ? Quote Link to comment Share on other sites More sharing options...
comatose603 Posted February 23, 2013 Share Posted February 23, 2013 What is your network setup ? From which interface are you sharing the internet ? Typical setup using a laptop to route traffic through. Laptop wlan0 is furthest upstream, to eth0 then to br-lan on the pineapple and it's wlan0. Everything else is working ok, e.g., sslstrip and urlsnarf. Do I need to have those off for the keylogger to work? Quote Link to comment Share on other sites More sharing options...
Boba Fett Posted February 23, 2013 Share Posted February 23, 2013 Do you enable the refresh option? Quote Link to comment Share on other sites More sharing options...
comatose603 Posted February 24, 2013 Share Posted February 24, 2013 Do you enable the refresh option? Yup. And I hit the manual refresh button. Nada. Quote Link to comment Share on other sites More sharing options...
comatose603 Posted February 24, 2013 Share Posted February 24, 2013 (edited) Figured it out: If URLsnarf is running Keylogger does not work. Any thoughts on why this is and what we can do about it? (also my URLsnarf is configured for wlan0 since if its on br-lan, which it is by default, it conflicts with SSLstrip) Two other things: 1) the logs should go into /usb/data/ 2) needs the autostart feature Edited February 24, 2013 by comatose603 Quote Link to comment Share on other sites More sharing options...
digininja Posted February 25, 2013 Share Posted February 25, 2013 The reason for this is that they both (and sslstrip) redirect all port 80 traffic that is heading over the network bridge to themselves. There can be only one recipient of this traffic so when you start one you kill the other. I've got a partially implemented solution to this in my proxy but haven't had time to finish it yet so for now you are limited to one or the other. We didn't realise this otherwise we could have put up a warning when you try to start multiple apps. Quote Link to comment Share on other sites More sharing options...
xneox Posted March 4, 2013 Share Posted March 4, 2013 Hi guys a bit of a noob question do I need to have my wifi card in monitor mode for keylogger to work? Quote Link to comment Share on other sites More sharing options...
Boba Fett Posted March 4, 2013 Share Posted March 4, 2013 Nop. Just make the pineapple with a internet connection, start karma, start keylogger Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.